The nature of software renders it susceptible to analysis and copying by third parties. There have been considerable efforts to enhance software security, see for instance U.S. Pat. No. 6,668,325 assigned to Intertrust Technologies Inc. There have been several efforts to provide technical protection for software. A well-known protection approach is called obfuscation, which typically relies on a rearrangement of the source code. Computer code (software or programs) comes in two chief types; the first is source code, which is as written by a human being (programmer) in a particular computer language. The source code itself is often then obfuscated. The other chief type is called object code or compiled code or binary code or machine code. This is the source code after having being processed by a special type of computer software program called a compiler; a compiler is routinely provided for each computer language. The compiler takes as input the alphanumeric character strings of the source code as written by the programmer, and processes them into a string of binary ones and zeros, which can then be operated on by a computer processor.
It is also known to obfuscate the compiled (object) code. The term “code morphing” is also applied to obfuscating object code. This is typically achieved by completely replacing a section of the object code with an entirely new block of object code that expects the same machine (computer or processor) state when it begins execution as a previous code section and will leave with the same machine state after execution as does the original code (thereby being semantically equivalent code). However, typically a number of additional operations compared to those of the original code will be completed, as well as some operations with an equivalent effect, by the morphed code. Code morphing makes disassembly or decompiling of such a program much more difficult. This is typically the act of taking the machine code and transforming it back into source code, and is done by reverse engineers or “hackers” who wish to penetrate the object code, using a special decompiler program. A drawback with code morphing is that by unnecessarily complicating operations and hindering compiler-made optimizations, the execution time of the obfuscated object code is increased. Thus typically code morphing is limited to critical portions of a program and so is often not used on the entire computer program application. Code morphing is also well known for obfuscating copy protection or other checks that a program makes to determine whether it is a valid, authentic installation or a pirated copy, for security purposes.
Therefore, typically the goal of obfuscation is to start with the original code and arrive at a second form of the code, which is semantically or logically equivalent from an input/output point of view. As pointed out above, this means that for any input to the code in the field of possible inputs, the output value of the code is the same for both the original code and the obfuscated code. Thus a requirement of successful obfuscation is to produce a semantically equivalent (but also protected) code to the original (unprotected) code.
As well known, computer programs called obfuscators perform obfuscating; they transform a particular software application (program) in object code form into one that is functionally identical to the original, but is much more difficult for a hacker to penetrate, that is decompile. Note that the level of security from obfuscation depends on the sophistication of the transformations employed by the obfuscator, the power of the available deobfuscation algorithms as used by the hacker, and the amount of resources available to the hacker. The goal in obfuscating is to provide many orders of difference between the cost (difficulty) of obfuscating vs. deobfuscating.
Generally obfuscation techniques, especially when applied to object code, are independent of the actual source code language used. This is because all source code when compiled results in a binary string of values. Hence, the type of obfuscation described here, which is applied to the object code, is applicable to code in all known computer languages.
Hence it is conventional that the obfuscation process is performed at one location or in one computer (machine) after the source code has been written and compiled. The obfuscated code is then transferred to a second computer/processor where it is to be executed after installation in associated memory at the second computer. (Note that the normal execution does not include any decompiling since there is no need on a machine-level basis to restore the source code. Decompiling is strictly done for reverse engineering purposes.) At the second (recipient) computer, the obfuscated code is installed and then can be routinely executed by the processor at the second computer. The obfuscated code is executed as is. The obfuscated code is usually slower to execute than the original code.